This is the MPI Software Security group lead by Dr Marcel Böhme at the Max Planck Institute for Security and Privacy (MPI-SP) in Germany. We are interested in the automatic discovery of security flaws in software systems at the very large scale. Some of us work on the foundations of automatic vulnerability discovery and program analysis in general. For instance, we seek to identify fundamental limitations of existing techniques, we study empirical methods (incl. statistical and causal reasoning) for program analysis, and we explore the assurances that software testing provides when no bugs are found. Another part of our group develops practical vulnerability discovery tools that are widely used in software security practice. For instance, Entropic is the default power schedule in LibFuzzer which powers the largest fuzzing platforms at Google and Microsoft, fuzzing hundreds of security-critical projects on 100k machines 24/7. Our tools have discovered 100+ bugs in widely-used software systems, more than 70 of which are security-critical vulnerabilities registered as CVEs at the US National Vulnerability Database.
News
- Oct 2024 We are excited to host an amazing set of researchers in the past and coming months: Eleonora Losiouk (U of Padova, IT; 4m), Neil Walkinshaw (U of Sheffield, UK; 2d), Yizheng Chen (UMD, US; virtual), Andreas Zeller (CISPA; 2d), Abhik Roychoudhury (NUS, SG; 1wk).
- Oct 2024 Marcel gave a keynote at RAID’24 and has been invited to serve as program chair of ASE’25 and ISSTA’26.
- Oct 2024 Our CCS’24 paper on finding side-channels due to future microarchs won the ACM SIGSAC Distinguished Paper Award.
- Jul 2024 Paper on the statistical program analysis for privacy accepted at ICSE’25! Congrats to Seongmin and Shreyas!
- Apr 2024 Paper on evaluating the capabilities of ML for vulnerability discovery accepted at USENIX Sec’24. Congrats Nikas!
- Feb 2024 Marcel is honored and incredibly grateful to receive the NUS Outstanding Young Computing Alumni Award!
- Dec 2023 Niklas Risse wins 2nd place in the ACM ESEC/FSE Student Research Compentition. Congrats Niklas!
- Oct 2023 Our discovery of a connection between fuzzing and information theory is this month’s CACM research highlight! CACM is the monthly journal sent to all members of the ACM. The CACM Technical Perspective was written by the amazing Prof Gordon Fraser.
- Older news…
Opportunities
We are always looking to recruit
👩🎓 PhD students and
👩💻 interns
in Software Security. Just reach out via email.
You'll need a strong background in one of:
* Statistics, data science,
ML (causality, security flaws), and/or
* Program analysis, system building,
vulnerability discovery, CTFs.
People
Faculty & Fellows
-
Marcel Böhme
Faculty member
-
Seongmin Lee
Research Fellow
Graduate Students
-
Niklas Risse
PhD Student (MPI-SP / CASA)
-
Ardi Madadi
PhD Student (MPI-SP)
-
Gaetano Sapia
PhD Student (MPI-SP)
Interns & Visitors
-
Yasamin Golzar
Sharif University, Iran
-
Jing Liu
UCI, USA
Co-advised Grad Students
-
Zac Hatfield-Dodds
PhD student (ANU, on leave @ Anthropic, w/ Tony Hosking)
-
Philipp Görz
PhD student (CISPA / RUB, main advisor: Thorsten Holz)
-
Leon Weiß
PhD student (CASA / RUB, main advisor: Kevin Borgolte)
-
Tobias Holl
PhD student (CASA / RUB, main advisor: Kevin Borgolte)
Past Research Fellows
-
Zahra Mirzamomen
PostDoc 2020-23. Now at Monash University.
-
Van-Thuan Pham
PostDoc 2018-20. Now at University of Melbourne.
-
Behrad Garmany
PostDoc 2022. RUB, Germany. Now at Onapsis Inc.
Alumni
-
Danushka Liyanage
PhD 2023. Now at University of Sydney, Australia.
-
Charaka Geethal Kapugama
PhD 2023. Now at University of Ruhuna, Sri Lanka.
-
Anjana Perera
PhD 2022 (co-adviced). Now at Oracle Labs, Australia.
Past Research Assistents
-
Octavio Galland
2022/23. U. of Buenos Aires, Argentina. Now at Canonical.
-
Bharath Krish
2020-22. Monash U, Australia. Now at Deloitte.
Past Interns & Visitors
- Prof. Eleonora Losiouk 2024. U of Padova, Italy
- Haoxin Tu 2024. SMU, Singapore
- Eric Tang 2024. CMU, USA
- Prabith Gupta 2024. Amrita University, India
- Rafaila Galanopoulou 2023. Athens University, Greece
- Abhishek Shah 2023. Columbia University, USA
- Simran Kathpalia 2023. Amrita University, India
- Shreyas Minocha 2023. Rice University, USA
- Stephan Lipp 2022. TU Munich, Germany
- Nikhil Parasaram 2022. University College London, UK
- Dongjia Zhang 2022. Tokyo University, Japan.
- Christian Presa Schnell 2022. TU Munich, Germany
Past Undergraduate Students
- Robert Stark 2022. MSc thesis (co-adviced). Moved to Bosch.
- Tobias Wienand 2022. BSc thesis (co-adviced).